Data Protection Policy Statement
At the College of Research and Applied Studies (CRAS), we are committed to protecting the personal data of our students, staff, and other individuals who interact with us. This policy statement outlines our approach to data protection and explains how we handle personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
Our Commitment to Data Protection
- We will process personal data fairly, lawfully, and transparently.
- We will collect and process personal data only for specified, legitimate purposes.
- We will ensure that personal data is accurate, up-to-date, and relevant to the purposes for which it is processed.
- We will implement robust security measures to protect personal data against unauthorized access, loss, or damage.
- We will respect the rights of individuals in relation to their personal data, including the right to access, rectify, erase, restrict processing, object to processing, and data portability.
Types of Personal Data We Process
- Student data, including names, contact details, academic records, and financial information.
- Staff data, including names, contact details, employment records, and payroll information.
- Data from website users, including IP addresses, browser types, and other analytics data.
How We Process Personal Data:
- To provide educational services, including student admissions, registration, and academic support.
- To manage staff employment, including payroll, benefits, and performance management.
- To improve our services, including website analytics and user feedback.
- To comply with regulatory requirements, including academic regulations and funding body requirements.
Sharing Personal Data
- We will not share personal data with third parties without consent, unless required by law or necessary for the purposes outlined above. 6
- We may share personal data with our partner institutions, suppliers, and service providers, who will process data on our behalf in accordance with our instructions and data protection laws.
Data Retention
- We will retain personal data for as long as necessary to achieve the purposes outlined above, or as required by law.
- We will review and update our data retention policies regularly to ensure that personal data is not kept for longer than necessary.
Your Rights
- You have the right to access your personal data and request corrections, updates, or deletions.
- You have the right to object to processing, restrict processing, or request data portability.
- You have the right to complain to the Information Commissioner's Office (ICO) if you believe that we have not handled your personal data in accordance with data protection laws.
Contact Us
If you have any questions or concerns about our Data Protection policy, please contact our Data Protection Officer:
Changes to This Policy
We may update this policy statement from time to time to reflect changes in data protection laws or our processing activities. We will notify you of any significant changes to this policy.